1

...or do you only need to start a new session?

I've been given the task of fixing a bug that causes sessions to expire even though the session.gc_maxlifetime is set to 8 hours (It does get set, i've checked).

After going through the code, i noticed that session_start() is called on every load, as predicted, but the login-data sessions are only set when the user logs in.

Do i need to set the user data sessions on every page load for the session-lifetime to reset?

I need the session to be alive for 8 hours, even if the page doesn't reload.

qwerty
  • 5,166
  • 17
  • 56
  • 77

2 Answers2

0

You need to set the session variable again.

One method, use $_SESSION['last_click_time'] = time(); and compare it. If it's outdated, refresh the session variable, log the user back in, etc etc.

Robin Jonsson
  • 2,761
  • 3
  • 22
  • 42
  • It should probably work as it is now then. See this code: http://pastebin.com/puQVqgpY What it does: 1) Start session 2) Set session lifetime to 8h 3) Call authorize() without any params 4) It matches session data against database 5) Data is correct, it sets the session data again and returns true. ... For some reason the session still expires in way less than 8h (not sure exactly how long it lasts, but definitely not more than 2h). – qwerty Dec 05 '12 at 10:39
  • And as for your suggested method, that won't work if the last_click_time session expires. – qwerty Dec 05 '12 at 10:51
  • I'm sorry, I'm out of clues then. I usually just keep the session variable as it is, with the default timeout. I hope you'll find an answer though! – Robin Jonsson Dec 05 '12 at 13:00
  • Yeah i'm pretty sure Álvaros answer solved it, but you answered my question i asked so i accepted your answer. – qwerty Dec 05 '12 at 13:55
0

You are probably using the default location for session files and it's a temporary directory shared by all web sites on the server. In that case, the site with shortest session.gc_maxlifetime will probably remove session data from all sites. The reason is that there's no way to determine what site owns what session file.

You'll need to create a custom directory for sessions and specify it with session.save_path

Álvaro González
  • 142,137
  • 41
  • 261
  • 360
  • Oh that's interesting. Do i only need to change the save_path to something else or do i need to change the code as well? – qwerty Dec 05 '12 at 11:17
  • Nevermind that, i got it working. Now i'll just have to wait and see if it works. Thanks for the suggestion! :) – qwerty Dec 05 '12 at 11:23